Sophos, a world leader in IT security and control, has revealed
the most prevalent malware threats causing problems for computer
users around the world during August 2007.
The figures, compiled by Sophos's global network of monitoring
stations, show a dramatic drop in malware spreading in the form of
email attachments, with just one infected message in every 1,000
emails in August, compared to one in 322 during the first six
months of 2007.
Spam, however, has continued to be a problem - much of it
linking to malicious websites designed to infect users. A series of
large-scale attacks have been made via spam email, directing users
to infected webpages with the promise of ecards, pictures of nude
celebrities, YouTube movies, and pop music videos. People visiting
the sites are running the risk of having their PCs infected by
malicious code which can then steal personal information, spam out
more malware and junk email, or launch distributed denial of
service attacks against innocent parties.
The total number of infected webpages continues to grow, albeit
at a slightly slower rate than the month before. During August,
Sophos detected an average of 5,000 new infected webpages each day,
compared to 6,000 in July.
There was also a sharp spike in spam activity in the middle of
August due to one of the world's biggest ever single spam campaigns
designed to manipulate stock prices.
Top ten web threats
The top ten list of web-based malware threats in August 2007
reads as follows:
Mal/Iframe and ObfJS have retained their positions at the top of
the chart. Meanwhile, Decdec has crept up to third place,
accounting for 14 percent of this month's web-based malware, up 11
percent on July.
"Cybercriminals are successfully using email and the web in
co-ordination to infect innocent internet surfers," said Carole Theriault, senior
security consultant at Sophos. "Home users and businesses alike
need to take more steps to protect themselves from online threats,
or risk being hit time and time again. It should be clear for
everyone to see that businesses, web hosts and ISPs are failing to
properly defend their websites. Fraudsters are continuing to find
rich pickings on the internet, duping users into handing over their
personal information."
Top malware-hosting countries
The top ten list of countries hosting malware-infected webpages
in August 2007 reads as follows:
| Position | Last month | Country | Percentage of reports |
|---|---|---|---|
| 1 | 1 | China (inc. HK) | |
| 2 | 2 | United States | |
| 3 | 3 | Russia | |
| 4 | 4 | Ukraine | |
| 5 | 8= | Poland | |
| 6 | 5 | Germany | |
| 7 | Re-entry | Netherlands | |
| 8 | Re-entry | Italy | |
| 9= | 8= | Canada | |
| 9= | 7 | United Kingdom | |
| Others | | | 7.8% |
Whilst the top three countries hosting malware-infected webpages
during August have remained unchanged from July, the percentage of
malicious pages hosted by them has dropped by ten percent to 76.6
percent. The proportion of infected pages hosted by the Ukraine has
more than doubled in the last month, and the Netherlands, Italy and
Canada have all re-entered the chart.
"While more than three quarters of infected webpages are hosted
in just three countries, that doesn't mean you only get hit if you
visit websites based in those areas," explained Theriault. "Hackers
are hijacking websites around the world to make them point to
malware on sites based in China, the USA, and Russia.
Cybercriminals don't discriminate when it comes to targeting the
web - they're just out for all they can get."
Top ten email threats
The top ten list of email-based malware threats in August 2007
reads as follows:
While the Pushdo Trojan horse has been around since March, it is
a newcomer to the top ten, accounting for 10.8 percent of all
email-borne malware during August. Its rise is down to the fact that
around four new variants of Pushdo are currently being spammed out
every day, in a bid to bypass security systems.
"Most malware writers seem to be taking an extended holiday from
spreading their malicious code via email attachments, and are using
spam and the web instead to infect users," said Theriault.
"Criminals are hard at work trying to slip past filters at the
corporate gateway, and businesses must ensure that their security
solutions are kept up-to-date to defend against new virus variants
and new spam techniques before they can strike."
Top ten hoaxes and scams
During August, Sophos continued to see hoaxes and chain letters
spreading between internet users via email. One new hoax, which
took advantage of the growing popularity of social networking
websites, warned that Facebook users who accepted a friend
invitation from a user called Bum_tnoo7 would be
opening themselves up to identity theft. Sophos does recommend that
users of social networking websites take steps to protect their
identities online but this particular warning is bogus.
The top ten list of email hoaxes and scams in August 2007 reads
as follows:
Sophos experts have compiled simple best practice guides to
adopting a multi-layered defense. With blended threats, spam and
phishing attacks on the rise it has never been more important to
educate end users about how best to protect themselves.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.